Re: VPN over wireless



I've thought about this a bit and am hesitant to try it for the following
reason: I've tried, on and off, for about 9 months to get VLAN's working on
my network - and no success. I've been on-line and on phone with D-Link's
tech support, even got bumped up a level or two, and we could never get it
to work. I also 'haunted' the MS wireless newsgroup with this issue. Never
got it solved. I could "see" the main building AP (which is wired) but the
remote AP's could never get a connection.

I'd be willing to try again, but I'd need someone who KNOWS the D-Link
managed switches to lend lots of advice.
(I won't bore you or this newsgroup with the details, but will share it with
anyone off-line. I'll post here if it is thought to be constructive.)

Mike

"John Oliver, Jr. [MVP]" <jcoliverjr@xxxxxxxxxxx> wrote in message
news:eoLack3YIHA.1132@xxxxxxxxxxxxxxxxxxxxxxx
Mike,

I see now, so you only have one Gateway or WAN connection and not two as
it suggested in your first post. I would have set up a separate VLAN on
the L2/L3 switch. You will still need the Router to issue DHCP and
wireless to the Guest network. Give the LAN IP on the router an IP of
10.0.0.1 (better for separating networks if you use a different Private
Range). So when you create, say, VLAN2 on the switch, plug the internal port
of the 524 to VLAN2. This will now give the Guest computers IP's on the
10.0.0.0 network but still access to the internet. Now on the WAN port of
the 524, input an IP address of 192.168.0.50. Plug the WAN Port of the
524 into the VLAN1. Now you can go to the PIII's and add a persistent route
statement for the 192.168.0.0 network. This will now let the PIII's
access the 192.168.0.0 network. You could also do a lot of this on the Cisco
Router but you did not state what model you have. It basically would not
require the need for route statements on the PIII's as the Router would
control them through access lists but in your case we still need the
additional DHCP Server and AP so this would not be relevant. If this does
not make a lot of sense then I would contact a Cisco Engineer to help you
out. Better to get this done right the first time.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner


"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:eE62uO3YIHA.4332@xxxxxxxxxxxxxxxxxxxxxxx
Ok, that makes a bit more sense, but I think I should diagram out my
setup to see if you think your idea will still work.

               T1, Cisco Router
                      |
           unmanaged D-Link switch
            |                    |
       LAN Router           Wireless Router
                            (D-Link DI-524)
       192.168.1.1          192.168.0.1
            |                    |
       L2/L3 switch         (4) wireless access points
       (D-Link DES-3828)    (D-Link DWL-2200AP)
       192.168.16.150       192.168.0.100 thru .103
            |
       SBS server
       192.168.16.2

So .... how would I do as you suggest?



"John Oliver, Jr. [MVP]" <jcoliverjr@xxxxxxxxxxx> wrote in message
news:OEWyTJ3YIHA.4896@xxxxxxxxxxxxxxxxxxxxxxx
I have no problem with creating a separate network for just the Guests
but why not just let the PIII's connect directly to your LAN through the
AP's with security enabled? You are essentially doing the same thing
with creating the VPN through the additional internet connection. When
they connect either way, they will still be on your SBS LAN. You can
control access to your SBS LAN AP's with MAC addressing, time schedule,
etc. for the PIII's. This gets them only connected to your SBS LAN, at
that point you can still implement Windows AD Security.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner


"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:OFCDj32YIHA.1532@xxxxxxxxxxxxxxxxxxxxxxx
I've set the AP's and router to WPA2. However, the primary users of
this Guest network are people here for conferences, visitors, grad and
undergrad students in our housing unit during their off time, etc. I
don't want them anywhere NEAR my SBS network, so I don't know how to
give just these 2 PIII's access -- as I think you're suggesting.


"John Oliver, Jr. [MVP]" <jcoliverjr@xxxxxxxxxxx> wrote in message
news:uY7ewu2YIHA.4160@xxxxxxxxxxxxxxxxxxxxxxx
If you are using wireless then enable encryption WEP or WPA (most
secure) on the wireless AP's. No need for VPN.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner


"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:uI%23MMR2YIHA.208@xxxxxxxxxxxxxxxxxxxxxxx
Running SBS 2003 Premium, Exchange, ISA 2004, SQL, 2 NIC's, router,
L2/L3 switch, WSUS.
==================
I am setting up a separate network for Guest access using a wireless
router with a fixed IP connected to the T1 Cisco router. My access
points are in near-by buildings and connectivity is good. Our lab is
busy from Spring to early Fall with undergraduate and graduate
students, and a part of their duties is to input data into Excel
sheets and database forms. I put a couple old PIII's out there with
wireless cards and would like to give them access to the LAN so they
can get to those resources. Money is tight, otherwise I'd set up
another wireless network. Can I use VPN in this scenario? (I've
never used it or seen it in use.) The setup seems pretty simple. We
are in a remote rural area so I'm not worried about anyone else
getting in. I'm pretty sure I can lock the users down with
folder/file permissions so they can't stray where they shouldn't. (GP
is probably better, but that's another area I've never gotten into.)

Any and all suggestions and comments are welcome!

--
Mike Webb
Platte River Whooping Crane Maintenance Trust, Inc.
a 501 (c)(3) conservation non-profit organization












